Open-source technologies and communities are a big part of the Rapid7 ethos, and that’s not by chance – it’s by design. Rapid7 believe that their Metasploit, AttackerKB, and Velociraptor initiatives help create a strong threat intelligence foundation as well as a secure digital future for all. Unfortunately, the same open-source tools that help security teams prioritize risk and enhance security outcomes can be misused by threat actors for nefarious purposes.
For example, Rapid7 researchers are aware that the digital forensics and incident response (DFIR) tool Velociraptor has been observed being leveraged by threat actors to execute a ransomware campaign. Rapid7 has implemented detections for this and other Velociraptor-related misuse, and is not impacted by this incident.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Why iPhone users should update and restart their devices now
January 13, 2026
If you were still questioning whether iOS 26+ is for you, now is the time to make that call. Why? On December 12, 2025, Apple patched two WebKit zero‑day vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone 11 and newer users toward iOS 26+, because that’s where the fixes and new memory ...
- Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
January 13, 2026
On Dec. 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive heap memory by exploiting a trust issue in how MongoDB Server handles zlib-compressed network messages. This flaw occurs prior to authentication, meaning an attacker only needs network access to the database’s default port to trigger it. Read more… Source: ...
- Man to plead guilty to hacking US Supreme Court filing system
January 13, 2026
A resident of Springfield, Tennessee, is expected to plead guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months. Prosecutors say between August and October 2023, Nicholas Moore, 24, “intentionally accessed a computer without authorization on 25 different days and thereby obtained information from a protected computer,” according to ...
- Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
January 12, 2026
AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities. Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a ...
- New Zealand: Second health provider, Canopy Health, hit in major cyber attack
January 12, 2026
Patients caught up in the CanopyHealth data breach are furious that it took the company six months to tell them about it. On Monday, it was revealed the leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems. In ...
- Europol: 34 arrests in Spain during action against the ‘Black Axe’ criminal organisation
January 9, 2026
The Spanish National Police (Policía Nacional), in close cooperation with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with the support of Europol, has conducted an operation against the international criminal organisation ‘Black Axe’. The action resulted in 34 arrests and significant disruptions to the group’s activities. Black Axe is a highly structured, hierarchical group ...